Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Burp Enterprise- Adding Certificates in GUI doesn't add to Java Trust Store

Lynch, | Last updated: Oct 28, 2021 06:07PM UTC

Hello, I have our internal certificates added to Burp Enterprise's GUI, however, upon running a scan against a website that has the proper internal certificate chain trust, we still get the medium TLS Certificate finding. I've read other posts about adding these certificates manually to the Java Store, however, every time burp/java updates, it will overwrite them, and it's a very manual process to be constantly replacing. Is there no way that these GUI certs could also be added automatically to the java store?

Maia, PortSwigger Agent | Last updated: Oct 29, 2021 03:08PM UTC

Hi, Thanks for your message. Currently, there is no way to do this through the UI. We do have a feature request logged to address the issue and I have linked this request to the feature both to record your interest in it and so we can let you know when there is an update. We don't have any timescales for this just yet I'm afraid. In the meantime, would marking these issues as false positives (which would allow you to exclude them from reports) or turning off this particular scan check in the scan configuration be an option? You can read more about handling false positives here: https://portswigger.net/burp/documentation/enterprise/working/scan-results/false-positives I hope this helps, please let us know if you have any further questions in response to the above.

Wayne | Last updated: Mar 12, 2024 05:34AM UTC

Do we have this available now. I do see upload certificate in Settings > Network but as Lynch said upload cert doesn't modify the Java Trust Store.

Maia, PortSwigger Agent | Last updated: Mar 12, 2024 11:28AM UTC